Components Vulnerabilities Pricing MCP API

Docs

Find vulnerabilities. Fix fast with AI.

Search components by package, version, or CVE to get started.

Get full component data and automated fixes with Sonatype Guide.

maven

com.novartis.opensource

yada-api

8.7.3

yada-api 8.7.3

com.novartis.opensource

PublishedOct 25, 2018•Policy

compliance

maven Registry

Developer Trust Score

Recommended Version:x.y.z

Recommended upgrade that meets your policy.

Compare Versions

com.novartis.opensource/yada-api 8.7.3 | V… | Sonatype Guide

Get full component data and automated fixes with Sonatype Guide.

maven

com.novartis.opensource

yada-api

8.7.3

yada-api 8.7.3

com.novartis.opensource

PublishedOct 25, 2018•Policy

compliance

maven Registry

Developer Trust Score

Recommended Version:x.y.z

Recommended upgrade that meets your policy.

Compare Versions

Severity

Critical (1)

High (2)

Medium (1)

Low (0)

CVSS Score

0.010.0

EPSS Score

0.01.0

Malware

KEV StatusPublished

8.7CVE-2024-38999

jrburke requirejs v2.3.6 was discovered to contain a prototype pollution via the function s.contexts._.configure. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.

affected

SeverityHigh

PublishedJul 2, 2024

7.5sonatype-2024-0721

requirejs - Prototype Pollution

affected

SeverityHigh

PublishedApr 2, 2024

9.8sonatype-2019-0500

lodash - Prototype Pollution via _.template

affected

SeverityCritical

PublishedNov 26, 2019

6.5CVE-2018-3721

lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.

affected

SeverityMedium

Published

Apr 27, 2018